Archive for category: iPhone Forensics

Distributed forensics and incident response in the enterprise

Abstract

Remote live forensics has recently been increasingly used in order to facilitate rapid remote access to enterprise machines. We present the GRR Rapid Response Framework (GRR), a new multi-platform, open source tool for enterprise forensic investigations enabling remote raw disk and memory access. GRR is designed to be scalable, opening the door for continuous enterprise-wide forensic analysis. This paper describes the architecture used by GRR and illustrates how it is used routinely to expedite enterprise forensic investigations.

***********************************************************

Installing GRR

To install GRR you’ll need to set up a server, which runs the front-end HTTP server, enroller, workers and administration UI.

For this proof-of-concept they are installed on a single server, but a more scalable approach would be to run them on individual servers.

Installing the GRR server

To install the GRR server, see ServerInstall.

Installing the GRR clients

The GRR clients are best deployed as standalone pre-packaged binaries. These depend on the operating system of the client system.

A new photograph-analyzing tool quantifies changes made by digital airbrushers in the fashion and lifestyle industry, where image alteration has become the psychologically destructive norm.

“Publishers have legitimate reasons to alter photographs to create fantasy and sell products, but they’ve gone a little too far,” said image forensics specialist Hany Farid of Dartmouth University. “You can’t ignore the body of literature showing negative consequences to being inundated with these images.”

In a Nov. 28 Proceedings of the National Academy of Sciences study, Farid and doctoral student Eric Kee debut a computational model developed by analyzing 468 sets of original and retouched photographs. From these, Farid and Kee distilled a formal mathematical description of alterations made to models’ shapes and features. Their model then scored each altered photograph on a scale of 1 to 5, with 5 signifying heavy retouching.

To validate the scores, Farid and Kee then asked 50 people randomly picked through Amazon’s Mechanical Turk task outsourcing service to evaluate the photographs. Computational and human scores matched closely. “Now what we have is a mathematical measure of photo retouching,” said Farid. “We can predict what an average observer would say.”

To our knowledge, this is the first published work on accurate physical memory acquisition and deep memory analysis of the Android kernel’s structures. The developed kernel analysis support allows the popular Volatility framework to be used when analysing data, via our implementation of ARM-specific support.

The screenshots above show how I grabbed a picture off a blog and found the EXIF data hidden in the metadata of the picture. Using an EXIF decoding website, you enter the URL of the photo. The website then analyses the picture and provides you with the EXIF data. Locate the GPS coordinates in the EXIF data, enter them into Google Maps, and you get the location where the photo was taken.
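The same check can be run locally on your own images before they are published. This is an added example, not code from the original post: it walks the JPEG segments, reads the EXIF GPS IFD, converts degrees/minutes/seconds to decimal degrees, and can drop the Exif segment entirely. The function names and the sample bytes are constructed for illustration.

```python
import struct

def exif_segment(jpeg):
    """(start, end) of the APP1/Exif segment in a JPEG, or None."""
    pos = 2
    while jpeg[:2] == b"\xff\xd8" and pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, size = jpeg[pos + 1], struct.unpack_from(">H", jpeg, pos + 2)[0]
        if marker == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00":
            return pos, pos + 2 + size
        if marker == 0xDA:  # start of scan: metadata segments are over
            break
        pos += 2 + size
    return None

def gps_position(jpeg):
    """Decimal-degree (lat, lon) from the EXIF GPS IFD, or None if absent."""
    seg = exif_segment(jpeg)
    if seg is None:
        return None
    tiff = jpeg[seg[0] + 10:seg[1]]            # TIFF block after "Exif\0\0"
    e = "<" if tiff[:2] == b"II" else ">"      # TIFF byte order
    def ifd(off):                              # {tag: raw 4-byte value/offset field}
        n = struct.unpack_from(e + "H", tiff, off)[0]
        rows = (struct.unpack_from(e + "HHI4s", tiff, off + 2 + 12 * k) for k in range(n))
        return {tag: val for tag, _type, _count, val in rows}
    def coord(ref_tag, val_tag):               # three RATIONALs: degrees, minutes, seconds
        r = struct.unpack_from(e + "6I", tiff, struct.unpack(e + "I", gps[val_tag])[0])
        deg = r[0] / r[1] + r[2] / r[3] / 60 + r[4] / r[5] / 3600
        return -deg if gps[ref_tag][:1] in (b"S", b"W") else deg
    try:
        ifd0 = ifd(struct.unpack_from(e + "I", tiff, 4)[0])
        gps = ifd(struct.unpack(e + "I", ifd0[0x8825])[0])  # 0x8825 = GPSInfo IFD pointer
        return round(coord(1, 2), 6), round(coord(3, 4), 6)
    except (KeyError, struct.error, ZeroDivisionError):     # no GPS IFD, or malformed EXIF
        return None

def strip_exif(jpeg):
    """Drop the Exif segment so no location is published with the image."""
    seg = exif_segment(jpeg)
    return jpeg if seg is None else jpeg[:seg[0]] + jpeg[seg[1]:]

def constructed_sample():
    # CONSTRUCTED JPEG shell (no image data) tagged 51 deg 30' 26.4" N, 0 deg 7' 39.0" W
    tiff = b"MM\x00\x2a" + struct.pack(">IHHHIII", 8, 1, 0x8825, 4, 1, 26, 0)
    tiff += struct.pack(">HHHI4sHHII", 4, 1, 2, 2, b"N", 2, 5, 3, 80)
    tiff += struct.pack(">HHI4sHHIII", 3, 2, 2, b"W", 4, 5, 3, 104, 0)
    tiff += struct.pack(">12I", 51, 1, 30, 1, 264, 10, 0, 1, 7, 1, 39, 1)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

`strip_exif` removes only the first Exif segment it finds; other metadata containers such as XMP can also carry location and are not handled here.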

Flickr has developed GEOFENCE. Cool little feature to turn off location leakage via the Flickr site. You still have to know about the feature and tune it yourself.

The term “geofence” may sound complicated, but our implementation is quite simple. A geofence is a user-defined boundary around a specific area on a map. We decided to keep the creation and editing process similar to geotagging on the photo page. We understand from developing the photo page map that it is important to provide a way to search for a location as well as simply drop something in the right place on the map. The geofence is represented by a selector-circle on a modal map panel with simple edit controls on the side.

The iPhone, the next Cyborg device that you carry to be online, anywhere. It’s also your Human Flight Recorder, documenting your whereabouts.

Researchers have discovered that the iPhone is keeping track of where you go and storing that information in a file that is stored – unencrypted and unprotected – on any machine with which you synchronize your phone.

Data scientists Alasdair Allan and Pete Warden came across the file – “consolidated.db” – while they were thinking about the potential trove of mobile data stored on a cellphone and thinking about ways to visualize this data.